Australia ‘ready for cyber attack’

THE federal government promises it will remain vigilant, as a group orchestrating cyber attacks wreaks havoc worldwide.

On Friday, a massive wave of cyber attacks swept across 99 countries, with cyber security experts claiming it could be the biggest attack of its kind ever recorded.

Despite the fact that - so far - there have been no confirmed reports of attacks on Australian organisations, Cyber Security Minister Dan Tehan has admitted that doesn't mean we're not at risk.

"I cannot put my hand on my heart and say that means we are 100 per cent cyber secure," he told reporters in Perth today.

"The technology changes, the vulnerabilities change."

Earlier, Prime Minister Malcolm Turnbull insisted that even if we are targeted, the government is prepared.

"We are continuing to monitor the situation closely and stand ready to deal with any cyber-security threat to Australia's critical infrastructure," he said through a spokesman.

The attacks, believed to be part of an extortion plot, have so far created chaos in hospitals in Britain as well as the Spanish telecom giant Telefonica and the US delivery firm FedEx.

Cyber extortionists have tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

The ransomware encrypted data on the computers, demanding payments of $US300 ($AU406) to $US600 ($AU812) to restore access.

The hackers have not come forward to claim responsibility but a mysterious hacking organisation, called Shadow Brokers, is being blamed for the attack - possibly in retaliation for US air strikes on Syria.

In April, Shadow Brokers released a piece of National Security Agency (NSA) code known as "Eternal Blue", as part of a trove of hacking tools they said belonged to the US spy agency.

The Eternal Blue code gives access to all computers using Microsoft Windows, the world's most popular computer operating system. The NSA had developed it to gain access to computers used by terrorists and enemy states.

It is believed that Eternal Blue, having been dumped by Shadow Brokers, was then picked up by a separate crime gang which used it to launch the extraordinary worldwide cyber security breach.

According to The Telegraph, some experts believe the timing of this cyber dump is significant and indicates that Shadow Brokers has links to the Russian government.

In an internet posting, six days before it hacked the NSA and released the Eternal Blue code on April 14 - and a day after the first air strikes - Shadow Brokers appeared to issue a warning to US President Donald Trump.

"Respectfully, what the f*** are you doing? The Shadow Brokers voted for you. The Shadow Brokers supports you. The Shadow Brokers is losing faith in you. Mr Trump helping the Shadow Brokers, helping you. Is appearing you are abandoning 'your base', 'the movement', and the peoples who getting you elected," the group said in broken English in a statement, according to The Telegraph.

UPDATE YOUR SOFTWARE

Experts are now urging Microsoft users to update their software.

Microsoft has released software patches for the security holes, although not everyone has installed those updates.

"If your software is not patched, you can exploit that user. Anyone who applied the patch that Microsoft released likely wasn't affected by this," John Villasenor, a professor at the University of California, Los Angeles said.

Mr Villasenor also said users should regularly back up their data and ensure that security updates are installed on their computer as soon as they are released. Up-to-date backups make it possible to restore files without paying a ransom.

BIGGEST IN HISTORY

Cyber security experts are calling the hack the biggest attack of its kind ever recorded.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, has called it "the biggest ransomware outbreak in history".

Another expert, Chris Wysopal of the software security firm Veracode, said he believes criminal organisations are behind the attack, given how quickly the malware spread.

"For so many organisations in the same day to be hit, this is unprecedented," Mr Wysopal said.

There are currently no confirmed reports Australian organisations have been hit by the cyber breach but the federal government said it will remain vigilant.

"We are continuing to monitor the situation closely and stand ready to deal with any cyber-security threat to Australia's critical infrastructure," Prime Minister Malcolm Turnbull said through a spokesman on Saturday.

The prime minister's right-hand man on cyber security, Alastair MacGibbon, is working with officials and health agencies to determine any impact on Australia.

But the US Department of Homeland Security's computer emergency response team said it was aware of ransomware infections "in several countries around the world."

"We are now seeing more than 75,000 detections ... in 99 countries," Jakub Kroustek of the security firm Avast said in a blog post around 2000 GMT.

At least 16 organisations within the NHS, some of them responsible for several hospitals each, reported being targeted.

"We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack.

This is not targeted at the NHS, it's an international attack and a number of countries and organisations have been affected," Prime Minister Theresa May said.

Britain's National Cyber Security Centre and its National Crime Agency were looking into the UK incidents.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 ($AU406) in Bitcoin, saying: "Oops, your files have been encrypted!".

It demands payment in three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to the screen message.

A hacking group called Shadow Brokers released the malware in April claiming to have discovered the flaw from the NSA, Kaspersky said.

Although Microsoft released a security patch for the flaw earlier this year, many systems have yet to be updated, researchers said.

"Unlike most other attacks, this malware is spreading primarily by direct infection from machine to machine on local networks, rather than purely by email," Lance Cottrell, chief scientist at the US technology group Ntrepid.

"The ransomware can spread without anyone opening an email or clicking on a link."